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© In a cellular telephone system, subscribers each 
have a token (such as a smartcard) by means of 
which they may respectively identify themselves to 
the network. Each subscriber logs into the network 
by using his smartcard which inputs a unique secure 
identification number (IMSI) into the network. The 
relationship between each IMSI and the correspond- 
ing subscriber's telephone number (MSISDN) is ran- 
dom and known only to the network operator, this 
arrangement facilitating simple and secure issue of 
initial and replacement smartcards. A home location 
register (HLR) in the network stores each subscrib- 
er's MSISDN and the associated IMSI. The network 
also includes an analysis table linking each IMSI with 
the identity of the corresponding HLR storage loca- 
tion. This analysis table is split into parts which are 
held at different entities, such as different mobile 
services switching centres (MSC), in the network. In 
response to an input IMSI, the relevant MSC control- 
ling the cell receiving that IMSI derives from the 
IMSI a Global Title which it uses to locate the 
relevant part of the analysis table. It can now access 
the correct storage location in the HLR, extract the 
MSISDN (and other subscriber data) and store this 
temporarily in its associated visitor location register. 
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The invention relates to telecommunication net- 
works by means of which a plurality of subscribers 
may communicate with each other. Embodiments 
of the invention to be described in more detail 
below comprise such telecommunications networks 
in the form of telephone networks and more espe- 
cially to such networks involving mobiles (such as 
in a cellular network) which can communicate with 
each other and with fixed telephones via a public 
switched telephone network (PSTN). One such 
telephone network is the planned pan-European 
digital telephone network (the "GSM" network). 

In the embodiments of the invention to be 
described, subscribers intending to communicate 
via mobiles will be issued with tokens by which 
they will identify themselves when making a call via 
the system network, such tokens being, for exam- 
ple, in the form of so-called "smartcards". Such 
smartcards carry data such as identification num- 
bers and other information to ensure the security of 
the system. It is desirable that such smartcards can 
be issued to new subscribers, and that replace- 
ment smartcards can be issued to existing sub- 
scribers in the event of wear or loss, rapidly and 
simply, for example, by a retail dealer, but without 
compromising the securing of the issued smartcard 
and of the system. 

According to the invention, there is provided a 
telecommunication network by means of which a 
plurality of subscribers may communicate with 
each other, each subscriber having a token by 
means of which they may respectively identify 
themselves to the network, each token causing a 
unique secure identification number to be input into 
the network, comprising main storage means hav- 
ing a plurality of storage locations each for storing 
a respective one of the secure* identification num- 
bers and a corresponding access number by which 
the subscriber which has the token associated with 
that identification number may be accessed via the 
network, further storage means split into parts each 
of which is located at a different position in the 
network and each for storing a respective part only 
of an analysis table which links each identification 
number with the identity of the corresponding one 
of the storage locations of the main storage means, 
accessing means responsive to each identification 
number input into the system for accessing the 
relevant part of the further storage means and 
extracting from the part of the analysis table stored 
there the identity of the corresponding one of the 
storage locations of the main storage means, and 
extracting means for extracting from that storage 
location the corresponding access number whereby 
to enable calls to and from that subscriber to be 
set up and permitting a random relationship be- 
tween the identification numbers and the access 
numbers. 



According to the invention, there is also pro- 
vided a method of operating a cellular telephone 
network in which the subscribers respectively iden- 
tify themselves to the network by means of smar- 

5 tcards which cause respective subscriber identifica- 
tion numbers to be input into the network via the 
relevant cells thereof, the identification numbers 
being secure and having a random relationship with 
the subscribers' telephone numbers, comprising 

70 the steps of setting up, in a home location register, 
storage locations for each telephone number each 
of which also stores the corresponding subscriber 
identification number and other subscriber data, 
setting up an analysis table correlating each iden- 

75 tification number with the corresponding storage 
location in the home location register, storing re- 
spective parts of this analysis table at different 
locations in the network, responding to an iden- 
tification number input at a particular cell by deriv- 

20 ing an address from the identification number and 
using this address to locate the relevant part of the 
analysis table within the network, obtaining there- 
from the storage location of the home location 
register corresponding to the identification number, 

25 extracting the corresponding subscriber's tele- 
phone number from that storage location, and stor- 
ing that telephone number in a visitor location 
register associated with the originating cell. 

Part of a cellular telephone network, such as 

30 the proposed GSM system, embodying the inven- 
tion will now be described, by way of example 
only, with reference to the accompanying diagram- 
matic drawing which is a block diagram of the 
network. 

35 The network being described is cellular in op- 
eration. Communication to and from mobiles in the 
network is by radio link between them and respec- 
tive base stations, each base station defining a cell 
of the network. When a mobile is activated, this is 

40 signalled to the base station of the cell in which the 
mobile is currently located and the network iden- 
tifies the mobile and records its current location 
area (a location area comprises a group of cells), 
updating this information as the mobile moves from 

45 one location area to another. A mobile can initiate a 
call via its base station and the network to another 
mobile or, via the PSTN (to which the network is 
connected), to a fixed subscriber to the PSTN. 
Similarly, calls can be made to the mobile via the 

so network from other mobiles or from fixed subscrib- 
ers to the PSTN. In order to enable such calls to 
be made and received, and for call charges to be 
successfully billed to mobile subscribers, it is 
clearly vital that a proper arrangement be incor- 

55 porated for identifying subscribers and ensuring so 
far as possible that only properly authorised sub- 
scribers can initiate calls from particular mobiles. 
As a means of achieving these aims, the system 
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provides each subscriber with a smartcard. The 
smartcard is pre-programmed with a unique iden- 
tification number, the "International Mobile Sub- 
scriber Identity" (IMSI) which is kept secure, that 
is, it is not visible on the card and is not known to 
the subscriber. In addition, each subscriber will be 
issued with a publicly known number, the MSISDN 
("Mobile Station International ISDN Number"). This 
is the subscriber's telephone number by means of 
which calls to that subscriber are initiated by other 
subscribers to the system and to the PSTN. 

In order to activate a mobile in the network (so 
that it may make or receive calls), the subscriber 
has to place his smartcard in a card reader at the 
mobile telephone and to enter an identification 
number (PIN). Provided that the entered PIN is 
found to be correct for that particular smartcard, 
the mobile transmits the IMSI (read from the card) 
to the appropriate base station so as to enable the 
system to record the location of the particular mo- 
bile. However, it is also necessary, of course, for 
the system to be aware of the MSISDN associated 
with that IMSI, so that, for example, an incoming 
call for that particular mobile (which the caller will 
initiate using the called subscriber's MSISDN) can 
be correctly routed. 

Subscribers to the system will normally sub- 
scribe via a dealer who will be the intermediary 
between the subscriber and the network operator. 
In practice, there will be a relatively large number 
of such dealers. Each dealer will be issued by the 
network operator with a batch of smartcards, each 
bearing a pre-programmed IMSI (and other infor- 
mation such as the PIN and security data), none of 
which is externally visible. In addition, the card will 
have an identifying serial number embossed on it 
and thus readily visible. The dealer will issue a new 
subscriber with one of these smartcards, selected 
at random, and will issue the subscriber with an 
MSISDN provided by the network operator. The 
dealer will inform the network operator of the em- 
bossed (visible) serial number of the smartcard 
issued. The network operator will thus be able to 
correlate the IMSI of the issued smartcard with the 
corresponding MSISDN - but this information will 
be unknown to anyone else. 

In practice, smartcards are likely to need re- 
placement, because of wear, after, say, two years. 
In addition, some of them are likely to be lost or 
damaged and will have to be replaced. When a 
subscriber wishes to have his smartcard replaced, 
he will return to the dealer who will select a fresh 
smartcard from his batch of unissued ones, again 
at random. This time, though, a new MSISDN will 
not be issued; the subscriber will retain the same 
MSISDN always, and the dealer therefore has to 
inform the network operator of the embossed 
(visible) serial number of the newly issued smart 



card, together with the (unchanged) MSISDN. The 
network operator again therefore knows the IMSI 
associated with that MSISDN but, as before, no 
one else does. 

5 In this way, only the minimum information is 

known to the dealer (and subscriber) and security 
is maximised. However, the effect of this is that the 
relationship between each IMSI and the corre- 
sponding MSISDN is substantially random. The 

w system therefore has to store, in a "home location 
register" (HLR), information for correlating each 
IMSI with the correct MSISDN and other subscriber 
data. Therefore, when a mobile becomes activated 
within the network (in the manner described), thus 

15 transmitting its IMSI into the network, the network 
has to be able to record the location of that sub- 
scriber, not only identifying the subscriber by the 
IMSI but also by the associated MSISDN (in order, 
for example, to enable incoming calls to be cor- 

20 rectly directed to that subscriber). 

The Figure shows part of the network in simpli- 
fied form. As shown, there are a plurality of base 
stations (BS) 5, each serving a particular geograph- 
ical location or cell. A mobile service switching 

25 centre (MSC) 6 is connected to a group of the base 
stations 5 via wired connections, each MSC serving 
some, only, of the base stations within the total 
network. Each MSC has associated with it a visitor 
location register (VLR) 8 to which it is connected 

30 by a wired connection. In addition, the system 
contains a "home location register" (HLR) 10. 

The HLR comprises fixed data storage having 
a separate storage location for each subscriber. 
Within each such location is stored the MSISDN for 

35 the subscriber and the associated IMSI, together 
with other subscriber data. When a mobile sub- 
scriber (MS), as indicated diagrammatically at 12, 
enters a cell and signals its IMSI to the corre- 
sponding base station (in the manner already ex- 

40 plained), the MSC 6, in the manner, to be ex- 
plained, causes the correct location in the HLR to 
be examined and the correct subscriber's data, 
including the correct MSISDN, to be extracted and 
stored temporarily in a location in the VLR 8. 

45 Therefore, when a call is made by or to that 
particular MS, the MSC 6 has all the necessary 
information in the VLR 8 in order to set up the call 
and to issue the appropriate billing information. 
Successful operation for the procedure de- 

50 scribed above requires the VLR to be able to 
respond to an incoming IMSI by accessing the 
correct location in the HLR. As explained above, 
the relationship between each IMSI and its 
MSISDN is completely random. There therefore 

55 has to be an "analysis table" in the network which 
associates each IMSI with the corresponding loca- 
tion in the HLR. One way of achieving this would 
be for each VLR to hold such an analysis table and 
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to use it, in response to receipt of each I MSI, to 
identify the corresponding HLR location and thus to 
extract the correct subscriber data. However, each 
such analysis table would have to have an entry for 
every individual IMSI currently allocated in the net- 
work (that is, one for each subscriber), and this 
could eventually become very large and difficult to 
maintain. 

This problem could of course be overcome if 
there were always a direct relationship between the 
IMSI and the MSISDN. Therefore, upon receipt of a 
particular IMSI the VLR could extract the corre- 
sponding MSISDN and use this to access the cor- 
rect location in the HLR. However, such an ar- 
rangement would have the effect that each smar- 
tcard would be particular to a specific MSISDN 
which would complicate issuance and replacement 
of smartcards. In order to preserve constancy of 
the MSISDN, the replacement smartcard would 
have to be individually manufactured so as to have 
the correct IMSI. If this were done by the network 
operator, the subscriber woutd be faced with unac- 
ceptable delay when the need for a replacement 
smartcard arose. It would be unacceptable on se- 
curity grounds to permit the dealer to manufacture 
the replacement card. Such an arrangement would 
also be wasteful because it would require the net- 
work operator to provide resources oh the network 
not only for active subscriptions but also for poten- 
tial subscriptions represented by the unissued 
smartcards. 

In order to deal with this problem, therefore, 
the analysis table is not maintained at each of the 
VLR but a single analysis table is distributed 
throughout the network, the analysis table being 
divided up into parts each of which is held at a 
particular location or "node" within the network, 
such as at a particular MSC (or other signalling 
element). When an IMSI is received from a mobile 
subscriber entering the network, the IMSI is an- 
alysed to derive, directly from it, a "Global Title" 
which is used as a means of accessing the correct 
part of the analysis table. Each node stores not 
only part of the analysis table but also information 
indicating where the remaining parts of the analysis 
table are stored. Therefore, the first node receiving 
the Global Title corresponding to a particular IMSI 
analyses the Global Title to decide whether it cor- 
responds to a particular IMSI for which the detailed 
analysis table is stored at that node. If that is found 
to be the case, then the HLR location is extracted 
and the message forwarded to that HLR. However, 
if the node finds that the Global Title corresponds 
to an IMSI which is not included in the part of the 
analysis table which it stores, it knows which other 
part of the network (that is, which other node) is 
storing the part of the analysis table corresponding 
to that IMSI and produces routing information 



which forwards the enquiry message to that node. 
The HLR location can thus be correctly located as 
before. 

When a replacement smartcard is issued to a 
5 subscriber, the relevant part of the analysis table is 
found within the network and up-dated so as to 
direct subsequent enquiry messages to the correct 
location in the HLR, this up-dating being in addition 
to the up-dating which is carried out on that par- 
10 ticular location in the HLR. 

Claims 

1. A telecommunication network by means of 
/5 which a plurality of subscribers may commu- 
nicate with each other, each subscriber having 
a token by means of which they may respec- 
tively identify themselves to the network, each 
token causing a unique secure identification 

20 number to be input into the network, compris- 
ing main storage means (10) having a plurality 
of storage locations each for storing a respec- 
tive one of the secure identification numbers 
and a corresponding access number by which 

25 the subscriber which has the token associated 
with that identification number may be acces- 
sed via the network, characterised by further 
storage means split into parts each of which is 
located at a different position (e.g. MSC) in the 

30 network and each for storing a respective part 
only of an analysis table which links each 
identification number with the identity of the 
corresponding one of the storage locations of 
the main storage means (10), accessing means 

35 (MSC) responsive to each identification num- 
ber input into the system for accessing the 
relevant part of the further storage means (e.g. 
MSC) and extracting from the part of the ana- 
lysis table stored there the address of the 

40 corresponding one of the storage locations of 
the main storage means (10), and extracting 
means for extracting from that storage location 
the corresponding access number whereby to 
enable calls to and from that subscriber to be 

45 set up and permitting a random relationship 

between the identification numbers and the 
access numbers. 

2. A network according to claim 1, characterised 
so in that each token is a smartcard. 

3. A network according to claim 1 or 2, charac- 
terised in that each said part of the further 
storage means (e.g. MSC) also stores informa- 

55 tion identifying the locations on the other parts 

of the further storage means and the respec- 
tive identification numbers corresponding 
thereto. 



4 



7 



EP 0 467 534 A2 



8 



4. A network according to any preceding claim, 
characterised in that it is in the form of a 
cellular telephone network for mobile subscrib- 
ers (MS) and in which the access numbers are 

the subscribers' telephone numbers. 5 

5. A network according to claims 3 and 4, charac- 
terised by a plurality of visitor location regis- 
ters (8) each associated with some of the cells 

of the network, and in that the main storage w 
means comprises a home location register (10) 
for at least part of the network, in that some at 
least of the said parts of the further storage 
means are respectively associated with dif- 
ferent signalling nodes in the network, in that is 
the accessing means comprises means asso- 
ciated with each such node for responding to a 
particular one of the identification numbers in- 
put into the network via one of the cells asso- 
ciated with a particular one of the visitor loca- 20 
tion registers (8) for determining whether the 
part of the analysis table relevant to that iden- 
tification number is held in association with that 
node and, if it is not, for deriving from informa- 
tion stored at that node the location of the 25 
relevant part of the analysis table and obtain- 
ing therefrom the address of the corresponding 
storage location in the home location register 
(10), and in that the extracting means com- 
prises means for accessing this storage loca- 30 
tion in the home location register (10) and 
transmitting information therefrom, including 
the subscriber's telephone number, to the visi- 
tor location register associated with the cell 
into which that subscriber has input the iden- 35 
tification number. 

6. A network according to claim 5, characterised 
in that some of the said nodes are mobile 
service switching centres (6) each controlling aq 
some of the cells of the network and each 
having at least one of the visitor location regis- 
ters (8) associated with it. 

7. A method of operating a cellular telephone 45 
network in which the subscribers respectively 
identify themselves to the network by means 

of smartcards which cause respective sub- 
' scriber identification numbers to be input into 
the network via the relevant cells thereof, com- 50 
prising the steps of setting up, in a home 
location register (10), storage locations for 
each telephone number each of which also 
stores the corresponding subscriber identifica- 
tion number and other subscriber data, and 55 
characterised in that the identification numbers 
have a random relationship with the subscrib- 
ers' telephone numbers, and by the steps of 



setting up an analysis table correlating each 
identification number with the corresponding 
storage location in the home location register 
(10), storing respective parts of this analysis 
table at different locations in the network, re- 
sponding to an identification number input at a 
particular cell by deriving an address from the 
identification number and using this address to 
locate the relevant part of the analysis table 
within the network, obtaining therefrom the 
storage location of the home location register 
(10) corresponding to the identification num- 
ber, extracting the corresponding subscriber's 
telephone number from that storage location, 
and storing that telephone number in a visitor 
location register (8) associated with the origi- 
nating cell. 
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